Right to privacy: SC judgment raises serious questions about Aadhaar

It raises serious questions about Aadhaar, where data collection has been delegated to private entities.

New Delhi |
Published: September 5, 2017 3:43 AM

The Supreme Court’s judgment is a resounding reiteration that Part-III of the Constitution of India and, in particular, Article 21, are but vessels that can (and should) be filled with what is necessary for any person to lead a wholesome life with dignity. (PTI)

So writes Nobel-prize winner Bob Dylan. And so says the nine-judge bench of the Supreme Court (SC), when it comes to dealing with the right to privacy in today’s setting. This is the underlying theme applied by the SC when it comes to understanding the scope of rights guaranteed in Part-III of the Constitution of India. The SC’s judgment is a resounding reiteration that Part-III of the Constitution of India and, in particular, Article 21, are but vessels that can (and should) be filled with what is necessary for any person to lead a wholesome life with dignity. The Court has clarified the fundamental principle that fundamental rights under the Constitution cannot be restricted only to what the founding fathers contemplated. As a living and breathing document, it has to evolve with what ‘WE THE PEOPLE’ require from time-to-time. In the eyes of the Court, in today’s information-age, it was quintessential for individuals to possess the fundamental right to privacy to live with dignity and exercise personal liberty.

Justice DY Chandrachud’s opinion contains a finding that the right to privacy is both a positive and a negative right. As a ‘negative’ right, this imposes an obligation on the State not to intrude upon one’s privacy unless justified in accordance with the test prescribed. As a ‘positive’ right, this imposes an obligation to take affirmative steps to prevent breach of the right by non-state actors. There is, thus, a direction to the central government to create a regime to ensure that privacy rights are not trammelled by other private parties. This quality of the right to privacy having a positive element would mean that even when new regimes are created or existing regimes are tweaked to regulate privacy violations that may occur at the ‘horizontal’ private party-to-private party level, a private party may challenge the same on the basis that it is not in consonance with the principles laid down by the Court.

One important and connected finding is Justice Sanjay Kishan Kaul’s opinion on one aspect of the right to privacy—the right to be forgotten. In his opinion, a person has the right to control his/her existence on the internet and like in all cases, this aspect of the right to privacy is not absolute. He acknowledges in this concurring opinion that ‘big data’ can be used to further public interest, where collection and processing of big data is legitimate and proportionate, despite being invasive of privacy otherwise. Nevertheless, his opinion suggests that individuals should have the right to remove information concerning himself/herself from the public domain. Both this view as well as that of Justice Chandrachud and Justice Rohinton Nariman reiterate that privacy right is not lost merely because it has been shared with another person. However, Justice Kaul has also noted that this right is to be balanced with other fundamental rights, such as the right to freedom of expression. When combined with the finding that privacy is a positive right, this implies that any regime the government intends to bring is likely to impose appropriate obligations on controllers of data to address the right to be forgotten, much like the situation in the EU.

A second connected finding relates to the involvement of private individuals when it comes to data collection and handling. The Court has reiterated an earlier view from the two-judge bench decision of the SC that while the State may gain access to private information of individuals for legitimate state aims, this power cannot be delegated to private persons. The State has to ensure that collected private information cannot fall in the hands of other private persons. This raises serious questions about Aadhaar or other initiatives of the government, where data collection has been delegated to private entities.

The implications of this judgment on beef ban, the Aadhaar controversy and the Naz Foundation case, are recognised impliedly or expressly in the judgment. Immediate implications aside, history shows that the true impact of a judgment of this magnitude and importance is almost always felt across decades. There will be several cases in the future dissecting this judgment and inferring new conclusions or even placing limits on what was truly ‘meant’ by this judgment. This very judgment is a great example of this phenomenon, having limited the 1954 judgment in the MP Sharma case and recognising an inherent contradiction in the 1964 judgement in the Kharak Singh case. This is but the start of a journey.

UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of sensitive information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.

Reply

R

Reader

Sep 5, 2017 at 6:16 am

The US Social Security Number (SSN) has no biometric details, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government does not collect the biometric details of its own citizens.

Reply

R

Reader

Sep 5, 2017 at 6:16 am

The privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into his or her private affairs, discloses his or her private information, publicizes him or her in a false light, or appropriates his or her name for personal gain. The essence of the law derives from a right to privacy, defined broadly as "the right to be let alone."

Reply

A

AadhaarIsDead

Sep 5, 2017 at 5:37 am

#AADHAAR violates #RightToPrivacy by data/bio-metrics to anyone who is ready to pay $. In the name of removing corruption, #AADHAAR is trying to enslave billion Indians.